Hi Security Team and pkg-javascript-devel team, may i have your opinion on this discussion about having a shared v8 package maintained by nodejs LTS support ?
Please CC all. 2015-10-01 10:25 GMT+02:00 Moritz Mühlenhoff <[email protected]>: > Hi, > > yes i'm in favor of getting latest nodejs LTS into next debian release (be > it 4.1 or 4.2, >> >> but certainly not 5.0). >> > > > 4.1.1 is the next LTS: https://github.com/nodejs/LTS/ > I'm not reading anything on that page regarding version 4.1.1 ? The documentation there is a bit outdated and doesn't reflect current choices - they mention versions and dates as mere examples to explain their plans. The next LTS might not be released in time for stretch: > https://wiki.debian.org/DebianStretch > > Do you plan to stick with one version for the nodejs packages or to make > them co-installable? > One version. If there is a new nodejs LTS several months before Stretch transition freeze, then considering an update is reasonable. Future transitions are likely to be less painful than the nodejs 0.10 -> 4 one: - pure js modules are mostly forward-compatible - c++ addons API compatibility is getting better with node-nan 2.x - most of the time updating node-nan and rebuilding addons will be fine. I'm thinking of updating v8 debian package and linking against it in nodejs >> 4 - as you know >> that wasn't a good idea for libv8-3.14 / nodejs 0.10 as it required too >> much work. >> It could be more successful and maintainable if we directly use the >> nodejs v8 bundled copy, >> thus taking advantage of nodejs LTS security patches and enlightened >> choices. >> > > Currently nodejs is the only rdep of libv8-3.14-dev (chromium uses the > bundled version as well). > Given that libv8 is an unmaintainable mess I'm personally in favour of > abandoning the packaged > libv8 in favour of nodejs using the bundled version (since currently > nodejs is essentially > security-unmaintained in jessie) > But nodejs isn't actually the only rdep, you should check libv8-dev rdeps as well: weechat, uwsgi, mongodb, osmium, plv8. The mess came from lack of v8 LTS and version ABI support. Now that nodejs LTS is just doing that work, a shared v8 would benefit from it. But I can't/won't decide on this on my own, please contact > [email protected] for a broader > discussion. > CC-ing > PS: could we bring this discussion to pkg-javascript-devel for their >> information ? >> > > Sure, please CC me, I'm not CCed. > CC-ing Jérémy
_______________________________________________ Pkg-javascript-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
